com.sun.identity.authentication.modules.hotp

Class HOTPAlgorithm

java.lang.Object

com.sun.identity.authentication.modules.hotp.HOTPAlgorithm

public class HOTPAlgorithm
extends Object

This class contains static methods that are used to calculate the One-Time Password (OTP) using JCE to provide the HMAC-SHA-1.

Version:

1.0

Author:

Loren Hart

Method Summary

Modifier and Type	Method and Description
static int	calcChecksum(long num, int digits) Calculates the checksum using the credit card algorithm.
static String	generateOTP(byte[] secret, long movingFactor, int codeDigits, boolean addChecksum, int truncationOffset) This method generates an OTP value for the given set of parameters.
static byte[]	hmac_sha1(byte[] keyBytes, byte[] text) This method uses the JCE to provide the HMAC-SHA-1 algorithm.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

calcChecksum

public static int calcChecksum(long num,
                               int digits)

Calculates the checksum using the credit card algorithm. This algorithm has the advantage that it detects any single mistyped digit and any single transposition of adjacent digits.

Parameters:

num - the number to calculate the checksum for

digits - number of significant places in the number

Returns:

the checksum of num

hmac_sha1

public static byte[] hmac_sha1(byte[] keyBytes,
                               byte[] text)
                        throws NoSuchAlgorithmException,
                               InvalidKeyException

This method uses the JCE to provide the HMAC-SHA-1 algorithm. HMAC computes a Hashed Message Authentication Code and in this case SHA1 is the hash algorithm used.

Parameters:

keyBytes - the bytes to use for the HMAC-SHA-1 key

text - the message or text to be authenticated.

Throws:

NoSuchAlgorithmException - if no provider makes either HmacSHA1 or HMAC-SHA-1 digest algorithms available.

InvalidKeyException - The secret provided was not a valid HMAC-SHA-1 key.

generateOTP

public static String generateOTP(byte[] secret,
                                 long movingFactor,
                                 int codeDigits,
                                 boolean addChecksum,
                                 int truncationOffset)
                          throws NoSuchAlgorithmException,
                                 InvalidKeyException

This method generates an OTP value for the given set of parameters.

Parameters:

secret - the shared secret

movingFactor - the counter, time, or other value that changes on a per use basis.

codeDigits - the number of digits in the OTP, not including the checksum, if any.

addChecksum - a flag that indicates if a checksum digit should be appended to the OTP.

truncationOffset - the offset into the MAC result to begin truncation. If this value is out of the range of 0 ... 15, then dynamic truncation will be used. Dynamic truncation is when the last 4 bits of the last byte of the MAC are used to determine the start offset.

Returns:

A numeric String in base 10 that includes

Throws:

NoSuchAlgorithmException - if no provider makes either HmacSHA1 or HMAC-SHA-1 digest algorithms available.

InvalidKeyException - The secret provided was not a valid HMAC-SHA-1 key.